Unsettling but unsurprising Facebook privacy news
By Mof Gimmers
Over at Gizmodo, they’ve opened a can of worms. A can of worms that had a skeleton key inside.
So horrifying is the news that this writer has been forced into using rubbish analogies and hyperbole.
Basically, they’ve conducted an interview with an anonymous Facebook employee who has lifted the lid on how Facebook works.
The piece of gossip that will no doubt grab the most attention is that of a universal password that allows access to any account.
It’s worth pointing out that this password only worked when used from computers in the Facebook offices, but that won’t appease those who cherish their privacy. Those folks might be concerned at the news that Facebook employees still have access to all your info, including the profiles you look at and any information you have deleted.
That means any incriminating pictures of you getting mucky with a tin of chicken or that massive note you wrote in praise of Hitler’s watercolours/killing of millions of people. Facebook can still get at them and, if they wanted to, pass that information around and confirm that you are, as suspected, a dick.
Of course, you could argue that it’s hardly surprising that this is the case, given the fact that such a password makes it easier for the staff to troubleshoot and provide technical support on all of the account names.
Is this just common practice or is it a terrible invasion of your privacy? According to Facebook founder Mark Zuckerberg, you don’t even want your privacy anymore. What do you think?
Posted in Personal privacy, tech January 12th, 2010 | 17 Comments
feral trolley of the week
Of course they are going to have access, they are the fucking administrators of the site.
The password is up, down, left, right, A & start together
i heard it was alt+f4 and worked on any pc…
Most system administrators have access to all the users accounts.
And more startling revelations, drop something and gravity will pull it to the ground, women like to buy shoes and Britain has had a bit of snow lately.
Have to agree with Shopdis Fonzhit on this one. Also, as mentioned in the interview the password is unnecessary as they have access to the backend database with all the data in it anyway. This isn’t uncommon in the slightest.
Umm.. of course they have access to all the information. They are the fucking system administrators for god’s sake. They actually have better security than most companies, by ensuring the universal login only works within FB’s own office on their own computers, so even if the password leaked it would be of no use to anyone.
What a non-story. Hey, at least you managed to roll out the chicken-in-a-can article for the third time. If you do that often enough, it might become funny. Keep trying, guys.
its a little different for a few admins to have access to a DB (which should be encypted in some way) vs. what the article says. It seems to imply to bog standard employee joe@facebook.com could login and see all the bits in anyones account. So yes this actually is a story. admins dont need to be able to see the information to administrate a DB/website. at least good ones.
Agreed re fb having backend access anyway however don’t overlook: (a) _any_ fb employee, not just a senior sys admin or dba was able to view your complete data with the universal password and (b) they aren’t deleting your historical deletes.
It’s your data, do as you choose. However most people aren’t aware of how loose the protection is.
When I worked at a bank, I had access to view the details of every single account of every single customer and could search and analyse see peoples addresses, balances, loans, mortgages, spending habits, credit ratings etc etc etc. It was necessary to do my job. I could have downloaded all that information and manipulated it or published it but I didn’t because I didn’t want to get the sack or go to prison.
As a system admin I agree with srb -there is no need for administrators to have access to the information in a db to administer it.
What used to amaze me from my days on first line support was how eager users are to give you their passwords – blurting them out before they’ve even told you the problem. Looking at the responses above it seems most people still don’t beleive they have any right to data privacy.
Alternatively, if you’d be ashamed of something being made public, don’t put it on a ficking website, regardless of your privacy settings. If you don’t want the world to see you fellating a horse, just your mucky friends, perhaps facebook isn’t the place for it.
I’d agree with Codify, MrRobin and Mike on this one…
1. The fact they have its restricted to Facebook offices only is probably higher security than the majority of companies. Although, for home-working, I bet they have the ability to VPN to their machine and do their usual tasks…including the ’skeleton key’ password.
2. Admin need a high level of access in order to replicate problems.
3. Facebook uses the word publish for a reason, you “publish” your photos for the world to see!
Not atall surprising. Everything we put up online has someone able to fiddle with it. Even if you run your own website the ISP can control things.
If you value privacy you do not even use facebook. I don’t and don’t see why one would.
I can store my private photos on a private network, keep in contact and chat to people using various other techs, preferably face to face, and don’t feel compelled to parade my social network like some sort of peacock feather.
Its the bebo gen on acid.
funneling and recreating my life on a private entities server is asking for trouble imo
You are surprised by that? You are storing your information on THEIR SERVERS, not only that, you’re doing it for FREE, if you don’t like it, stop wasting your time on stupid websites.